16 matches found
CVE-2016-10258
Symantec ASG/ProxySG are affected by CVE-2016-10258 (Unrestricted file upload) in management consoles. A malicious appliance administrator can upload arbitrary files and trick another admin into downloading/executing them. The issue is mitigated by upgrading to specified versions: ProxySG 6.5.10....
CVE-2017-13677
CVE-2017-13677 is a DoS vulnerability in Symantec ASG and ProxySG management consoles. A remote attacker can send crafted HTTP/HTTPS requests to trigger application crashes, affecting management-console availability. Affected are ASG and ProxySG SGOS versions prior to the specified remediations. ...
CVE-2019-18375
The vulnerability CVE-2019-18375 affects Broadcom ASG (Advanced Secure Gateway) and ProxySG management consoles. A remote attacker with access to the appliance management interface can hijack an active session and access the management console with the hijacked user’s privileges. Impact is sessio...
CVE-2023-23952
Affected product: Broadcom Advanced Secure Gateway and Content Analysis. Vulnerable components/versions: ASG and Content Analysis prior to 7.3.13.1 and 3.1.6.0. Root cause: Command injection vulnerability. Impact: high (CVSSv3.1 base 9.8, Confidentiality/Integrity/Availability high). Guidance: up...
CVE-2017-13678
CVE-2017-13678 is a stored XSS vulnerability affecting Symantec ASG and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript into the management console web client, with impact limited to the console session as described in the sources. The advisory not...
CVE-2018-5241
CVE-2018-5241 affects Symantec Advanced Secure Gateway (ASG) and ProxySG. The vulnerability arises when parsing SAML responses: XML nodes with comments are mishandled, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature and bypass authentica...
CVE-2016-10257
Symantec ProxySG/ASG products are affected by CVE-2016-10257: a reflected XSS in the management console. Affected: ASG 6.6 and ASG 6.7 (before 6.7.2.1); ProxySG 6.5 (before 6.5.10.6), 6.6, and 6.7 (before 6.7.2.1). The flaw allows an attacker to inject arbitrary JavaScript into the management con...
CVE-2018-18370
The CVE-2018-18370 issue affects ASG/ProxySG FTP proxy WebFTP mode and is a stored XSS vulnerability in the web listing of remote FTP servers. An attacker must be able to upload crafted files to the remote FTP server to inject malicious JavaScript via an ftp:// URL in a browser. Affected versions ...
CVE-2018-18371
The CVE-2018-18371 issue affects the ASG/ProxySG FTP proxy WebFTP mode, enabling information disclosure by exposing plaintext credentials stored in the device’s web listing of FTP servers when users access an FTP server via ftp:// in a browser. Affected versions include ASG 6.6 and 6.7 prior to 6...
CVE-2021-46825
Affected products: Symantec Advanced Secure Gateway (ASG) and ProxySG. Vulnerability: HTTP desync (HTTP request smuggling), where a remote, unauthenticated attacker can leverage crafted HTTP requests to cause the proxy to forward a web server’s responses to unintended clients when the attacker and other c...
CVE-2023-23955
CVE-2023-23955 affects Broadcom’s Advanced Secure Gateway and Content Analysis: versions prior to 7.3.13.1 and 3.1.6.0 are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. The available connected documents confirm the product family and vulnerable version ranges, with remediatio...
CVE-2016-9097
The CVE-2016-9097 issue affects Symantec ProxySG and Advanced Secure Gateway (ASG) management consoles. Root cause: improper user authorization allowing a read-only administrator to access read-write functionality. Affected versions and fixes are documented: ASG 6.6 prior to 6.6.5.8 requires upgr...
CVE-2016-9099
CVE-2016-9099 is an open redirect vulnerability affecting Symantec ASG/ProxySG: ASG 6.6, ASG 6.7 before 6.7.2.1, ProxySG 6.5 before 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 before 6.7.2.1. An attacker can use a crafted management console URL in a phishing scenario to redirect users to a malicious s...
CVE-2016-9100
The CVE-2016-9100 entry affects Symantec ASG/ProxySG: ASG 6.6 before 6.6.5.13, ASG 6.7 before 6.7.3.1, ProxySG 6.5 before 6.5.10.6, ProxySG 6.6 before 6.6.5.13, and ProxySG 6.7 before 6.7.3.1 are vulnerable to information disclosure. An attacker with local access to the client host of an authenti...
CVE-2023-23954
Broadcom Advanced Secure Gateway (ASG) and Content Analysis are affected by CVE-2023-23954, a Stored Cross‑Site Scripting vulnerability in ASG prior to v7.3.13.1 and Content Analysis prior to v3.1.6.0. The description indicates a stored XSS issue but provides no exploitation details. Rationale an...
CVE-2023-23953
The CVE-2023-23953 entry applies to Broadcom Advanced Secure Gateway (ASG) and Content Analysis, affected before 7.3.13.1 and 3.1.6.0. The root cause is an Elevation of Privilege vulnerability reported across multiple sources. Impact is described as potential privilege escalation on affected appl...